Daily Ruleset Update Summary
Daily Ruleset Update Summary 2021/09/08

[***] Summary: [***]

8 new OPEN, 17 new PRO (8 + 9) Multiple Maldoc Checkin, SideWinder
TLS Cert, Win32/Mingloa CnC, Win32/MobiGame and VARIOUS PHISHING

Thanks @Timele9527

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033908 - ET TROJAN Maldoc OneDrive Download Activity (GET) (trojan.rules)
2033909 - ET MALWARE Win32/MobiGame Install Stats Checkin M1 (malware.rules)
2033910 - ET MALWARE Win32/MobiGame Install Stats Checkin M2 (malware.rules)
2033911 - ET MALWARE Win32/MobiGame Install Stats Checkin M3 (malware.rules)
2033912 - ET TROJAN W32/Bingoml!tr CnC Activity (trojan.rules)
2033913 - ET TROJAN Win32/Mingloa CnC Checkin (trojan.rules)
2033914 - ET TROJAN Maldoc Checkin Activity (GET) (trojan.rules)
2033915 - ET TROJAN Maldoc Checkin Activity (GET) (trojan.rules)

Pro:

2849876 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2021-09-08 (current_events.rules)
2849877 - ETPRO TROJAN Observed Malicious SSL Cert (SideWinder CnC)
(trojan.rules)
2849878 - ETPRO TROJAN Win32/DailyDose Checkin (trojan.rules)
2849879 - ETPRO TROJAN Win32/DailyDose KeepAlive (trojan.rules)
2849880 - ETPRO ATTACK_RESPONSE JavaScript Array Index Obfuscation
Technique Inbound (attack_response.rules)
2849881 - ETPRO CURRENT_EVENTS Successful Chase Bank Credential
Phish 2021-09-08 (current_events.rules)
2849882 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2021-09-08 (current_events.rules)
2849883 - ETPRO INFO Powershell Accessing sharetext .me (info.rules)
2849884 - ETPRO INFO Powershell Accessing pastebin (info.rules)

[///] Modified active rules: [///]

2027147 - ET TROJAN Win32/Beapy/Lemon_Duck CnC Checkin (trojan.rules)
2033218 - ET CURRENT_EVENTS Observed Possible Phishing 2021-06-29
(current_events.rules)
2033760 - ET TROJAN SiameseKitten/Lyceum/Hexane MSIL/Shark CnC
Checkin (trojan.rules)
2033906 - ET TROJAN Win32/Unk.Coinminer Checkin (trojan.rules)
2839213 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2849231 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 154
(mobile_malware.rules)
2849844 - ETPRO CURRENT_EVENTS Successful US IRS Phish 2021-09-03
(current_events.rules)

[---] Removed rules: [---]

2033761 - ET TROJAN SiameseKitten/Lyceum/Hexane MSIL/Shark Response
- 1 Byte XOR Key (trojan.rules)

Date:
Summary title:
8 new OPEN, 17 new PRO (8 + 9) Multiple Maldoc Checkin, SideWinder TLS Cert, Win32/Mingloa CnC, Win32/MobiGame and VARIOUS PHISHING